英文:
Failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict"
问题
我是新手 Kubernetes。我只是尝试使用 kubectl 创建一个 TLS 密钥。我的最终目标是在 Kubernetes 中部署 Keycloak 集群。
所以我按照这个YouTube 教程。但在这个教程中没有提到如何生成我的 TLS 密钥和 TLS 证书。所以为了做到这一点,我使用了这个文档 (https://www.linode.com/docs/guides/create-a-self-signed-tls-certificate/)。
然后我可以生成 MyCertTLS.crt 和 MyKeyTLS.key
gayan@Gayan:/srv$ cd certs gayan@Gayan:/srv/certs$ ls MyCertTLS.crt MyKeyTLS.key
要为 Kubernetes 创建密钥密钥,我运行了这个命令
sudo kubectl create secret tls my-tls --key="MyKeyTLS.key" --cert="MyCertTLS.crt" -n keycloak-test
但它不起作用,我收到了这个错误,
gayan@Gayan:/srv/certs$ sudo kubectl create secret tls my-tls --key="MyKeyTLS.key" --cert="MyCertTLS.crt" -n keycloak-test [sudo] password for gayan: error: failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 127.0.0.1:8080: connect: connection refused
注意:
MiniKube 正在运行...
并且 Ingress 插件也已启用...
我已经创建了一个名为 keycloak-test 的命名空间。
gayan@Gayan:/srv/keycloak$ kubectl get namespaces NAME STATUS AGE default Active 3d19h ingress-nginx Active 119m keycloak-test Active 4m12s kube-node-lease Active 3d19h kube-public Active 3d19h kube-system Active 3d19h kubernetes-dashboard Active 3d19h
我正在尝试解决这个错误。但我不知道为什么会出现这个错误,正在寻找来自社区的解决方案。
英文:
I am new to Kubernetes. I just trying to create a tls secret using kubectl. My ultimate goal is deploy a keycloak cluster in kubernetes.
So I follow this youtube tutorial. But in this tutorial doesn't mention how to generate my own tls key and tls cert. So to do that I use this documentation (https://www.linode.com/docs/guides/create-a-self-signed-tls-certificate/).
Then I could generate MyCertTLS.crt and MyKeyTLS.key
<pre><font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv</b></font>$ cd certs
<font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv/certs</b></font>$ ls
MyCertTLS.crt MyKeyTLS.key
</pre>
To create secret key for the kubernetes, I ran this command
sudo kubectl create secret tls my-tls --key="MyKeyTLS.key" --cert="MyCertTLS.crt" -n keycloak-test
But It's not working, I got this error,
<pre><font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv/certs</b></font>$ sudo kubectl create secret tls my-tls --key="MyKeyTLS.key" --cert="MyCertTLS.crt" -n keycloak-test
[sudo] password for gayan:
error: failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 127.0.0.1:8080: connect: connection refused
</pre>
<B>Note</B>: <br>
MiniKube is Running...<br>
And Ingress Addon also enabled...<br>
I have created a namespace called keycloak-test.
<pre><font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv/keycloak</b></font>$ kubectl get namespaces
NAME STATUS AGE
default Active 3d19h
ingress-nginx Active 119m
keycloak-test Active 4m12s
kube-node-lease Active 3d19h
kube-public Active 3d19h
kube-system Active 3d19h
kubernetes-dashboard Active 3d19h
</pre>
I am trying to fix this error. But I have no idea why I get this, looking for a solution from the genius community.
答案1
得分: 1
I figured this out! I posted this, because this may helpful for someone.
I am getting that error,
error: failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 127.0.0.1:8080: connect: connection refused
Because my kubernetes api-server is running on a different port.
You can view what port your kubernetes api-server is running by running this command,
kubectl config view
Then for example, if you can see server: localhost:40475
like that, It's mean your server running on port 40475.
And kubernetes default port is 8443
Then you should mention the correct port on your kubectl command to create the secret.
So, I add --server=https://localhost:40475
to my command.
kubectl create secret tls my-tls --key="tls.key" --cert="tls.crt" -n keycloak-test --server=https://localhost:40475
And another thing, if you getting error like permission denied
You have to change the ownership of your tls.key
file and tls.crt
file.
I did this by running these commands,
sudo chmod 666 tls.crt
sudo chmod 666 tls.key
Then you should run above kubectl command, without sudo! It works !!!!!! If you run that command with sudo, It will ask username and passwords and it confused me and it did not work.
So, by doing this way, I solved this issue! Hope this will help to someone!!! Thanks!
英文:
I figured this out! I posted this, because this may helpful for someone.
I am getting that error,
error: failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 127.0.0.1:8080: connect: connection refused
Because my kubernetes api-server is running on a different port.
You can view what port your kubernetes api-server is running by running this command,
kubectl config view
Then for example, if you can see server: localhost:40475
like that, It's mean your server running on port 40475.
And kubernetes default port is 8443
Then you should mention the correct port on your kubectl command to create the secret.
So, I add --server=https://localhost:40475
to my command.
kubectl create secret tls my-tls --key="tls.key" --cert="tls.crt" -n keycloak-test --server=https://localhost:40475
And another thing, if you getting error like permission denied
You have to change the ownership of your tls.key
file and tls.crt
file.
I did this by running these commands,
sudo chmod 666 tls.crt
sudo chmod 666 tls.key
Then you should run above kubectl command, without sudo! It works !!!!!!
If you run that command with sudo, It will ask username and passwords and it confused me and it did not work.
So, by doing this way, I solved this issue!
Hope this will help to someone!!! Thanks!
答案2
得分: 1
在你的示例中,kubectl get namespaces
是可以工作的,但是 sudo kubectl create secret
不行。
在使用 Kubernetes 时,你不需要 sudo
。具体来说,连接信息默认存储在 $HOME/.kube/config
文件中,但是当你使用 sudo kubectl ...
时,会改变家目录,导致无法找到连接信息。
标准的 Kubernetes 假设是集群是远程的,所以你的本地用户ID对它并不重要。唯一重要的是访问集群的用户被分配的 Kubernetes 特定权限。
英文:
In your examples, kubectl get namespaces
works, but sudo kubectl create secret
doesn't.
You don't need sudo
to work with Kubernetes. In particular, the connection information is stored in a $HOME/.kube/config
file by default, but when you sudo kubectl ...
, that changes the home directory and you can't find the connection information.
The standard Kubernetes assumption is that the cluster is remote, and so your local user ID doesn't really matter to it. All that does matter is the Kubernetes-specific permissions assigned to the user that's accessing the cluster.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论